Message ID | 1370276607-4180-1-git-send-email-imammedo@redhat.com |
---|---|
State | New |
Reviewed-by: liguang <lig.fnst@cn.fujitsu.com> On Mon, 2013-06-03 at 18:23 +0200, Igor Mammedov wrote: > spotted by Coverity, > x86_reg_info_32[] is CPU_NB_REGS32 elements long, so accessing > x86_reg_info_32[CPU_NB_REGS32] will be one element off array. Yes, it will. > > Signed-off-by: Igor Mammedov <imammedo@redhat.com> > --- > target-i386/cpu.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/target-i386/cpu.c b/target-i386/cpu.c > index 1a501d9..ae8e682 100644 > --- a/target-i386/cpu.c > +++ b/target-i386/cpu.c > @@ -221,7 +221,7 @@ X86RegisterInfo32 x86_reg_info_32[CPU_NB_REGS32] = { > > const char *get_register_name_32(unsigned int reg) > { > - if (reg > CPU_NB_REGS32) { > + if (reg >= CPU_NB_REGS32) { > return NULL; > } > return x86_reg_info_32[reg].name;
On 06/03/2013 11:23 AM, Igor Mammedov wrote: > spotted by Coverity, > x86_reg_info_32[] is CPU_NB_REGS32 elements long, so accessing > x86_reg_info_32[CPU_NB_REGS32] will be one element off array. > > Signed-off-by: Igor Mammedov <imammedo@redhat.com> > --- > target-i386/cpu.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/target-i386/cpu.c b/target-i386/cpu.c > index 1a501d9..ae8e682 100644 > --- a/target-i386/cpu.c > +++ b/target-i386/cpu.c > @@ -221,7 +221,7 @@ X86RegisterInfo32 x86_reg_info_32[CPU_NB_REGS32] = { > > const char *get_register_name_32(unsigned int reg) > { > - if (reg > CPU_NB_REGS32) { > + if (reg >= CPU_NB_REGS32) { > return NULL; > } > return x86_reg_info_32[reg].name; > Looks obvious now that it's been spotted. ;) Reviewed by: Jesse Larrew <jlarrew@linux.vnet.ibm.com> Jesse Larrew Software Engineer, KVM Team IBM Linux Technology Center Phone: (512) 973-2052 (T/L: 363-2052) jlarrew@linux.vnet.ibm.com
On 03.06.2013 18:23, Igor Mammedov wrote:
> spotted by Coverity,
> x86_reg_info_32[] is CPU_NB_REGS32 elements long, so accessing
> x86_reg_info_32[CPU_NB_REGS32] will be one element off array.
>
> Signed-off-by: Igor Mammedov <imammedo@redhat.com>
> ---
> target-i386/cpu.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)

Thanks, applied to qom-cpu:
https://github.com/afaerber/qemu-cpu/commits/qom-cpu

Andreas
diff --git a/target-i386/cpu.c b/target-i386/cpu.c index 1a501d9..ae8e682 100644 --- a/target-i386/cpu.c +++ b/target-i386/cpu.c @@ -221,7 +221,7 @@ X86RegisterInfo32 x86_reg_info_32[CPU_NB_REGS32] = { const char *get_register_name_32(unsigned int reg) { - if (reg > CPU_NB_REGS32) { + if (reg >= CPU_NB_REGS32) { return NULL; } return x86_reg_info_32[reg].name;
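Review bot: get_register_name_32() returns NULL for an out-of-range reg, and nothing in the hunk documents that contract, so a short comment above the function stating that callers must check for NULL would be worth adding alongside the fix. The new `reg >= CPU_NB_REGS32` bound is correct for an array declared as `x86_reg_info_32[CPU_NB_REGS32]`; writing it as `reg >= ARRAY_SIZE(x86_reg_info_32)` would keep the check tied to the array itself if the declared size ever changes. The commit message could also state the consequence directly: with the old `>` comparison, reg == CPU_NB_REGS32 passed the check and `.name` was read from one element past the end of the table.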
spotted by Coverity, x86_reg_info_32[] is CPU_NB_REGS32 elements long, so accessing x86_reg_info_32[CPU_NB_REGS32] will be one element off array. Signed-off-by: Igor Mammedov <imammedo@redhat.com> --- target-i386/cpu.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)